Date: Thu, 13 Nov 2003 23:33:49 +0100 From: Jesper Skriver <jesper@FreeBSD.org> To: Anders Lowinger <anders@lowinger.se> Cc: Haesu <haesu@towardex.com> Subject: Re: tcp hostcache and ip fastforward for review Message-ID: <20031113223349.GB84594@FreeBSD.org> In-Reply-To: <3FB37F09.4050908@lowinger.se> References: <20031112024507.89398.qmail@web10007.mail.yahoo.com> <3FB20D2B.73624906@pipeline.ch> <20031112195529.GA48020@scylla.towardex.com> <3FB37F09.4050908@lowinger.se>
index | next in thread | previous in thread | raw e-mail
On Thu, Nov 13, 2003 at 01:54:33PM +0100, Anders Lowinger wrote: > >It only takes x num. of kpps with diverse destinations to knock off a > >router running flow based caching. > > Yep, that is true and its hard to work around. > > >Extreme switches use flow based caching (called ipfdb) and any DoS > >attack that uses diverse destinations will kill it pretty quickly.. > > Cisco's newer stuff does the flow-cache independent of the forwarding, > i.e. the flow is more of an accounting cache. With CEF enabled, the flow cache (NetFlow) is only for accounting etc. purposes, and is not involved in forwarding. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031113223349.GB84594>